Now we have OpenSSL's CVE-2014-0160. Because of a wrong implementation of the heartbeat extension (around for 2 years) someone can extract a memory snapshot of the process from the server up to 64k. As the memory area is random, it's always different what you can get out, but it can leak possible sensitive information, like private key, username, password, etc... Vulnerable / non-vulnerable versions: